alpine 3.6
buffer weakness #235

5

Weakness Breakdown


Definition:

Buffer overflows are one of the most well-known software vulnerabilities. Even though most developers know what buffer overflows are, attacks against the vulnerabilities are common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which it then stores in an undersized stack buffer. Besides stack buffer overflows, other kinds of buffer overflows include heap overflows, off-by-one errors and many others. Learn more about buffer overflows on OWASP attack index.

Warning code(s):

Easily used incorrectly.

File Name:

python2/src/Python-2.7.15/Python/dynload_beos.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 buffer weakness.

 #endif
}



dl_funcptr _PyImport_GetDynLoadFunc(const char *fqname, const char *shortname,
                                    const char *pathname, FILE *fp)
{
    dl_funcptr p;
    image_id the_id;
    status_t retval;
    char fullpath[PATH_MAX];
    char funcname[258];

    if( Py_VerboseFlag ) {
        printf( "load_add_on( %s )\n", pathname );
    }

    /* Hmm, this old bug appears to have regenerated itself; if the
     * path isn't absolute, load_add_on() will fail.  Reported to Be
     * April 21, 1998.
     */
    if( pathname[0] != '/' ) {
        (void)getcwd( fullpath, PATH_MAX );
        (void)strncat( fullpath, "/", PATH_MAX );
        (void)strncat( fullpath, pathname, PATH_MAX );

        if( Py_VerboseFlag ) {
            printf( "load_add_on( %s )\n", fullpath );
        }
    } else {
        (void)strcpy( fullpath, pathname );
    }

    the_id = load_add_on( fullpath );
    if( the_id < B_NO_ERROR ) {
        /* It's too bad load_add_on() doesn't set errno or something...
         */
        char buff[256];  /* hate hard-coded string sizes... */

        if( Py_VerboseFlag ) {
            printf( "load_add_on( %s ) failed", fullpath );
        }

        if( the_id == B_ERROR )
            PyOS_snprintf( buff, sizeof(buff),
                           "BeOS: Failed to load %.200s",
                           fullpath );
        else
            PyOS_snprintf( buff, sizeof(buff), 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.